ESET reports malware, but found nothing

#1 Post by Hop »

Hello, ESET PROTECT reported malware on my computer: Detection potentially associated with known malware [I0115],
but an on-site scan found nothing.
I am sending the logs and asking for a check.
Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2025
Ran by papepa (administrator) on W-ZAM-E-03 (Dell Inc. OptiPlex 7050) (13-01-2026 08:04:36)
Running from C:\Users\papepa\Desktop\FRST64.exe
Loaded Profiles: papepa
Platform: Microsoft Windows 11 Pro Version 23H2 22631.6199 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\119.0.2.0\crashpad_handler.exe
(C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\143.0.3650.139\msedgewebview2.exe <8>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(DriverStore\FileRepository\cui_dch.inf_amd64_bd81469b51147524\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_bd81469b51147524\igfxEM.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>
(explorer.exe ->) (Google LLC -> Google LLC.) C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDrive.Sync.Service.exe
(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\143.0.7499.7\remoting_host.exe <2>
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_bd81469b51147524\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_47d3698a1c94c55a\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b8e80a9b8772ee40\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b8e80a9b8772ee40\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wksprt.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269088 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506144 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe [1222536 2018-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [285616 2025-08-21] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [0 2024-12-19] () <==== ATTENTION [zero byte File/Folder]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableLogonScriptDelay] 1
HKLM\Software\Policies\...\system: [AsyncScriptDelay] 2
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\...\Policies\Explorer: [NoDrives] 1048576
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\Run: [MicrosoftEdgeAutoLaunch_98BEB6ECDB83C00E7B5057E6C1061268] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4228176 2026-01-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\lokadmin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [82654736 2024-11-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\lokadmin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\RunOnce: [Uninstall 22.012.0117.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lokadmin\AppData\Local\Microsoft\OneDrive\22.012.0117.0003" [0 2024-11-13] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\sxm4mPC: C:\Windows\System32\spool\prtprocs\x64\sxm4mpc.dll [53152 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\Epson_Print_Admin: C:\Windows\system32\epscpmon.dll [831488 2019-05-31] (Seiko Epson Corporation) [File not signed]
HKLM\...\Print\Monitors\HP1100LM: C:\Windows\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\rica1Ilm: C:\Windows\system32\rica1Ilm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\...\Print\Monitors\sxm4m Langmon: C:\Windows\system32\sxm4mlm.dll [43936 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-11-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\143.0.7499.193\Installer\chrmstp.exe [2026-01-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2024-12-19]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {940D86DE-AF94-4699-B2DF-442E6C0991FA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.0{AB5F35C8-B165-4177-A6F6-8B34461CD98A} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe [7056536 2025-11-26] (Google LLC -> Google LLC)
Task: {37B90D10-C3B5-4579-A357-6F598F4087E4} - System32\Tasks\GoogleUserPEH\RunPlatformExperienceHelper_CheckEligible => C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2630296 2025-11-06] (Google LLC -> Google LLC)
Task: {C59E7D62-B190-450A-8971-6B4C54E47B9C} - System32\Tasks\GoogleUserPEH\RunPlatformExperienceHelper_Metrics => C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2630296 2025-11-06] (Google LLC -> Google LLC)
Task: {653C6D85-3311-44BE-BBDA-FF5A16D4D0B7} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [91656 2025-11-19] (HP Inc. -> HP Inc.)
Task: {614A0CEB-67DC-4AB1-8CA5-BE76FFCDC232} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [91656 2025-11-19] (HP Inc. -> HP Inc.)
Task: {3F53230E-02B2-477D-9617-6ADA2A74FD54} - System32\Tasks\Leader Technologies\PowerRegister\Xerox Product Registration (kuchvl) => C:\Users\kuchvl\AppData\Roaming\Leadertech\PowerRegister\Xerox Product Registration.exe [1786880 2018-09-10] (Xerox/Leader Technologies) [File not signed] -> C:\Users\kuchvl\AppData\Roaming\Leadertech\PowerRegister\/remind /language=CSY /MODL="WorkCentre 3025" /PRTP="USB" /PRNM="XRTK"
Task: {18F8EB77-C3EA-4612-B9E2-04D6713D91C8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {9D8531DC-2AA5-43B8-A747-617D2FFF6FD3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {82D4B720-A130-4F03-B1E6-8060FFDBDC9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {29DDB791-7556-4AEC-B256-06C778645C28} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [53248 2025-04-08] (Microsoft Windows -> Microsoft Corporation)
Task: {05F8AEF2-E739-46C7-86D1-735C270321E3} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [53248 2025-04-08] (Microsoft Windows -> Microsoft Corporation)
Task: {2937C60F-7F84-4EA2-9E37-AD25E7144E4A} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Process policy => {E444E1B9-502C-44F9-B714-30DA330D0E8E} C:\Windows\System32\tsworkspace.dll [1179648 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {CF9A3D38-6A26-46AC-B700-D413DC8E7C3E} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Report update status => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,WorkspaceStatusNotify2
Task: {6CF8D11B-2637-49F3-B939-AF2A0B6A5115} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Start Workspace Runtime at logon => {4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C} C:\Windows\system32\wksprt.exe [430080 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {37F6AF5B-B502-4764-B11C-713215531CCA} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Update connections => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,TaskUpdateWorkspaces2
Task: {8BA866B3-3824-492B-B2DF-73859C6D25FD} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Process policy => {E444E1B9-502C-44F9-B714-30DA330D0E8E} C:\Windows\System32\tsworkspace.dll [1179648 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {E8C36D55-443C-49D6-A58D-3FEDE9B3FA89} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Report update status => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,WorkspaceStatusNotify2
Task: {1A680C7F-77E0-4AF0-BB83-84352D00A424} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Start Workspace Runtime at logon => {4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C} C:\Windows\system32\wksprt.exe [430080 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {D3BC8585-18F7-45ED-9766-48190C81DF47} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Update connections => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,TaskUpdateWorkspaces2
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {1B46555E-6AD0-41AA-BC63-A1D3962C2028} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {CA0BE498-356F-4494-A42F-5F52036E27B7} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1285 => C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDriveLauncher.exe [746856 2026-01-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E05FA3B-F197-4E69-A111-8989BA0BEE75} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1487 => C:\Users\kuchvl\AppData\Local\Microsoft\OneDrive\25.224.1116.0003_1\OneDriveLauncher.exe [745832 2026-01-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {39758329-DD36-408E-A007-9B6853C376BC} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2774596813-2351541506-2060952939-1487 => C:\Users\kuchvl\AppData\Roaming\Zoom\bin\Zoom.exe [462768 2025-11-26] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.38.10.20 10.38.10.26
Tcpip\..\Interfaces\{7b1e00ec-73b2-4321-add9-921f177f1d4b}: [DhcpNameServer] 10.38.10.20 10.38.10.26
Tcpip\..\Interfaces\{7b1e00ec-73b2-4321-add9-921f177f1d4b}: [DhcpDomain] zs-vsechovice.local

Edge:
=======
Edge Profile: C:\Users\papepa\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-15]
Edge Extension: (Dokumenty Google offline) - C:\Users\papepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-19]
Edge Extension: (Edge relevant text changes) - C:\Users\papepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-13]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2026-01-13]

Chrome:
=======
CHR Profile: C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default [2026-01-13]
CHR Extension: (Set Character Encoding) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpojelgakakmcfmjfilgdlmhefphglae [2024-12-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-15]
CHR Extension: (Verifee) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaamlhinjaceanpdanmagllfeoelcfhl [2024-12-09]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2025-01-15]
CHR Extension: (Rozšíření Google Keep pro Chrome) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2024-12-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-09]
CHR HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5631928 2025-10-30] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\143.0.7499.7\remoting_host.exe [74392 2025-10-31] (Google LLC -> Google LLC)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5538736 2025-08-21] (ESET, spol. s r.o. -> ESET)
S3 EHttpSrv; C:\Program Files\ESET\ESET Security\ehttpsrv.exe [346544 2025-08-21] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4804544 2025-08-21] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4804544 2025-08-21] (ESET, spol. s r.o. -> ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1559584 2025-10-14] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [244232 2025-11-19] (HP Inc. -> HP Inc.)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [803096 2025-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [544768 2023-12-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [188416 2023-12-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [124800 2017-04-24] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232416 2025-09-17] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2025-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [270144 2025-09-17] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [86776 2025-09-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [126520 2025-09-17] (ESET, spol. s r.o. -> ESET)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [152608 2024-11-19] (WDKTestCert andy.miller,132291778652267126 -> Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [101520 2024-11-19] (WDKTestCert andy.miller,132291778652267126 -> Future Technology Devices International Ltd.)
R2 googledrivefs31931; C:\Program Files\Google\Drive File Stream\Drivers\31931\googledrivefs31931.sys [386256 2025-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [14224 2021-06-07] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslce6926eb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B88030C7-2D58-4BEF-90BD-987857E92682}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-01-13 08:04 - 2026-01-13 08:05 - 000025537 _____ C:\Users\papepa\Desktop\FRST.txt
2026-01-13 08:04 - 2026-01-13 08:04 - 000000000 ____D C:\FRST
2026-01-13 08:00 - 2026-01-13 08:00 - 002444288 _____ (Farbar) C:\Users\papepa\Desktop\FRST64.exe
2026-01-12 14:10 - 2026-01-12 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2026-01-12 12:15 - 2026-01-12 12:15 - 000112254 _____ C:\Users\kuchvl\Downloads\2026011537 (1).pdf
2026-01-12 11:37 - 2026-01-12 11:37 - 000112254 _____ C:\Users\kuchvl\Downloads\2026011537.pdf
2026-01-12 00:28 - 2026-01-12 00:28 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Work Resources (RADC)
2026-01-09 14:44 - 2026-01-09 14:44 - 000012196 __RSH C:\ProgramData\ntuser.pol
2026-01-09 11:02 - 2026-01-09 11:02 - 000000000 ____D C:\Windows\system32\appmgmt
2026-01-08 13:13 - 2026-01-08 13:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2026-01-08 13:13 - 2026-01-08 13:13 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Xerox
2026-01-08 13:13 - 2026-01-08 13:13 - 000000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2026-01-08 13:12 - 2026-01-08 13:13 - 000000000 ____D C:\Program Files (x86)\Xerox
2026-01-08 13:11 - 2026-01-13 07:43 - 000000000 ____D C:\Users\papepa\AppData\Roaming\Xerox
2026-01-08 13:11 - 2026-01-08 13:11 - 000000000 ____D C:\Users\lokadmin\AppData\Roaming\Xerox
2026-01-08 12:59 - 2026-01-08 13:13 - 000000000 ____D C:\Windows\system32\Tasks\Leader Technologies
2026-01-08 12:58 - 2026-01-08 13:13 - 000000000 ____D C:\ProgramData\Xerox
2026-01-08 12:58 - 2026-01-08 12:58 - 000000000 ____D C:\Windows\LastGood
2026-01-08 12:58 - 2026-01-08 12:58 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Leadertech
2026-01-08 12:58 - 2018-09-10 17:42 - 001786880 ____N (Xerox/Leader Technologies) C:\Windows\Xreg.exe
2026-01-08 12:58 - 2018-09-10 17:42 - 000146432 _____ C:\Windows\Wiainst64.exe
2026-01-08 12:57 - 2026-01-08 12:57 - 224291194 _____ C:\Users\kuchvl\Downloads\WorkCentre_3025_Windows_Software_Installer-Package.exe
2026-01-08 12:57 - 2026-01-08 12:57 - 000000000 ____D C:\Xerox
2026-01-08 12:56 - 2026-01-08 12:57 - 243984288 _____ C:\Users\kuchvl\Downloads\Xerox_WorkCentre_3025_Windows_Print_Drivers_Utilities_V1.10.exe
2026-01-05 10:03 - 2026-01-05 10:03 - 000057453 _____ C:\Users\kuchvl\Downloads\Přehled odebraných jednotek za I. pololetí (4).xlsx
2026-01-01 12:22 - 2026-01-01 12:22 - 000013167 _____ C:\Users\kuchvl\Downloads\Smolár_2025-12.xlsx
2025-12-29 15:11 - 2025-12-29 15:11 - 000018629 _____ C:\Users\kuchvl\Downloads\month_export_2025-12.xlsx
2025-12-19 14:34 - 2025-12-19 14:34 - 000018700 _____ C:\Users\kuchvl\Downloads\month_export_2025-12 (1).xlsx
2025-12-18 11:51 - 2025-12-18 11:51 - 000725758 _____ C:\Windows\system32\perfh005.dat
2025-12-18 11:51 - 2025-12-18 11:51 - 000151026 _____ C:\Windows\system32\perfc005.dat
2025-12-16 09:22 - 2025-12-16 09:22 - 016078448 _____ C:\Users\kuchvl\Downloads\VID_20251215_130036.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-01-13 07:58 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-01-13 07:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2026-01-13 07:45 - 2025-11-10 07:50 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUserPEH
2026-01-13 07:45 - 2024-12-02 17:40 - 000000000 ____D C:\Users\papepa\AppData\Local\D3DSCache
2026-01-13 07:45 - 2024-11-13 17:54 - 000000000 ____D C:\Users\papepa\AppData\Local\Packages
2026-01-13 07:43 - 2025-01-15 11:38 - 000003578 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1285
2026-01-13 07:43 - 2024-12-19 09:12 - 000000000 ____D C:\ProgramData\AnyDesk
2026-01-13 07:43 - 2024-12-19 09:11 - 000000000 ____D C:\Users\papepa\AppData\Roaming\AnyDesk
2026-01-13 07:43 - 2024-11-13 17:54 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2774596813-2351541506-2060952939-1285
2026-01-13 07:43 - 2024-11-13 17:54 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2774596813-2351541506-2060952939-1285
2026-01-13 07:43 - 2024-11-13 17:54 - 000002393 _____ C:\Users\papepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-01-13 07:43 - 2024-11-13 17:54 - 000000000 ___SD C:\Users\papepa\AppData\Roaming\Microsoft\Credentials
2026-01-13 07:42 - 2025-01-15 12:02 - 000002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2026-01-13 07:42 - 2025-01-15 12:02 - 000002091 _____ C:\Users\papepa\Desktop\Google Slides.lnk
2026-01-13 07:42 - 2025-01-15 12:02 - 000002091 _____ C:\Users\papepa\Desktop\Google Sheets.lnk
2026-01-13 07:42 - 2025-01-15 12:02 - 000002079 _____ C:\Users\papepa\Desktop\Google Docs.lnk
2026-01-13 07:42 - 2025-01-15 11:15 - 000000000 ____D C:\Users\kuchvl
2026-01-13 07:42 - 2024-11-13 17:54 - 000000000 __SHD C:\Users\papepa\IntelGraphicsProfiles
2026-01-13 07:42 - 2024-11-13 15:03 - 000000152 _____ C:\Windows\system32\config\netlogon.ftl
2026-01-13 07:42 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2026-01-13 07:42 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2026-01-12 14:10 - 2025-01-15 11:16 - 000000000 ____D C:\Users\kuchvl\AppData\Local\Packages
2026-01-12 14:10 - 2024-11-13 16:07 - 000000000 ____D C:\Program Files\ESET
2026-01-12 14:10 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2026-01-12 14:10 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2026-01-12 14:09 - 2024-11-13 16:07 - 000000000 ____D C:\ProgramData\ESET
2026-01-12 13:38 - 2024-06-25 13:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2026-01-12 12:51 - 2025-01-15 11:41 - 000000000 ____D C:\TEMP
2026-01-12 12:23 - 2025-01-15 13:21 - 000000000 ____D C:\Users\kuchvl\AppData\Local\CrashDumps
2026-01-12 08:57 - 2025-01-15 11:16 - 000000000 ____D C:\Users\kuchvl\AppData\Local\D3DSCache
2026-01-11 11:56 - 2025-01-15 11:16 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\AnyDesk
2026-01-10 21:34 - 2024-06-25 13:03 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-01-10 21:34 - 2024-06-25 13:03 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2026-01-09 07:12 - 2024-11-13 16:30 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-01-09 07:12 - 2024-11-13 16:30 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2026-01-08 13:18 - 2025-01-15 13:58 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Word
2026-01-08 13:18 - 2025-01-15 13:58 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Šablony
2026-01-08 13:04 - 2025-11-26 10:13 - 000000000 ____D C:\Users\kuchvl\AppData\Local\ElevatedDiagnostics
2026-01-08 13:04 - 2025-01-16 12:12 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Excel
2026-01-07 12:43 - 2025-01-15 12:38 - 000000000 ____D C:\Users\kuchvl\Desktop\Prodej vyřazených věcí
2026-01-06 15:26 - 2025-01-15 11:18 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2774596813-2351541506-2060952939-1487
2026-01-06 15:26 - 2025-01-15 11:18 - 000003582 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1487
2026-01-06 15:26 - 2025-01-15 11:18 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2774596813-2351541506-2060952939-1487
2026-01-06 15:26 - 2025-01-15 11:18 - 000002393 _____ C:\Users\kuchvl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-01-05 10:16 - 2025-10-30 09:02 - 000057522 _____ C:\Users\kuchvl\Desktop\Přehled odebraných jednotek za I. pololetí.xlsx
2026-01-05 09:54 - 2025-01-15 12:38 - 000000000 ____D C:\Users\kuchvl\Desktop\HACCP
2025-12-31 10:14 - 2024-11-13 15:57 - 000001988 _____ C:\Users\Public\Desktop\STRAVNÉ.net.lnk
2025-12-29 14:27 - 2025-01-15 12:38 - 000000000 ____D C:\Users\kuchvl\Desktop\Kalkulační vzorce
2025-12-22 01:29 - 2024-06-25 13:03 - 000003638 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-12-22 01:29 - 2024-06-25 13:03 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-12-18 11:53 - 2025-01-15 11:15 - 000000000 __SHD C:\Users\kuchvl\IntelGraphicsProfiles
2025-12-18 11:51 - 2024-06-25 15:15 - 001718036 _____ C:\Windows\system32\PerfStringBackup.INI
2025-12-18 11:47 - 2024-06-25 15:13 - 000000000 ____D C:\Intel
2025-12-18 11:47 - 2024-06-25 13:02 - 000012288 ___SH C:\DumpStack.log.tmp
2025-12-18 11:47 - 2024-06-25 13:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-12-18 11:46 - 2022-05-07 06:17 - 000786432 _____ C:\Windows\system32\config\BBI
2025-12-16 11:32 - 2025-01-15 12:38 - 000002403 _____ C:\Users\kuchvl\Desktop\Vladimíra (Osoba 2) - Chrome.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025
Ran by papepa (13-01-2026 08:05:41)
Running from C:\Users\papepa\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.6199 (X64) (2024-06-25 14:08:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3684620303-3985011473-1177193340-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3684620303-3985011473-1177193340-503 - Limited - Disabled)
Guest (S-1-5-21-3684620303-3985011473-1177193340-501 - Limited - Disabled)
lokadmin (S-1-5-21-3684620303-3985011473-1177193340-1002 - Administrator - Enabled) => C:\Users\lokadmin
WDAGUtilityAccount (S-1-5-21-3684620303-3985011473-1177193340-504 - Limited - Disabled)

ATTENTION: Domain

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 9.0.9 - AnyDesk Software GmbH)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Dálková správa VIS TV (HKLM-x32\...\DSpravaTV) (Version: - )
Epson Print Admin Driver (HKLM-x32\...\{beb4b9b0-1b06-44ab-b492-d9e29ea4901a}) (Version: 3.1.4 - Seiko Epson Corporation)
ESET Endpoint Security (HKLM\...\{5E44C9E2-CA66-44F6-8F33-48C9F844790D}) (Version: 12.1.2057.3 - ESET, spol. s r.o.)
ESET Management Agent (HKLM\...\{45E32117-E90E-4558-917E-8E45B306EF4F}) (Version: 12.5.2104.0 - ESET, spol. s r.o.)
FreeCommander XE Build 901 32-bit (HKLM-x32\...\{D3C705DC-9743-4FEF-8358-E1AC9FA69C73}_is1) (Version: 2024.0.0.901 - Marek Jasinski)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 119.0.2.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 143.0.7499.193 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Chrome Remote Desktop Host (HKLM-x32\...\{55E2698F-22F7-4AAF-8F5B-5CB55252BB37}) (Version: 143.0.7499.7 - Google LLC)
IrfanView 4.60 (64-bit) (HKLM\...\IrfanView64) (Version: 4.60 - Irfan Skiljan)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9434.5 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 143.0.3650.139 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 143.0.3650.139 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Czech) 2016 (HKLM-x32\...\{90160000-0016-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Czech) 2016 (HKLM-x32\...\{90160000-00BA-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM-x32\...\{90160000-001F-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Czech) 2016 (HKLM-x32\...\{90160000-00E1-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Czech) 2016 (HKLM-x32\...\{90160000-00E2-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2016 (HKLM-x32\...\{90160000-002C-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2016 (HKLM\...\{90160000-002A-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2016 (HKLM-x32\...\{90160000-006E-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Standard 2016 (HKLM-x32\...\{90160000-0012-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Standard 2016 (HKLM-x32\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\...\OneDriveSetup.exe) (Version: 25.238.1204.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\OneDriveSetup.exe) (Version: 24.206.1013.0004 - Microsoft Corporation)
Microsoft OneNote MUI (Czech) 2016 (HKLM-x32\...\{90160000-00A1-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Czech) 2016 (HKLM-x32\...\{90160000-001A-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Czech) 2016 (HKLM-x32\...\{90160000-0018-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Czech) 2016 (HKLM-x32\...\{90160000-0019-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word MUI (Czech) 2016 (HKLM-x32\...\{90160000-001B-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 91.0.1 (x64 cs)) (Version: 91.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.0.1 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM-x32\...\{90160000-001F-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM-x32\...\{90160000-001F-041B-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.7.775 - Jan Fiala)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8555 - Realtek Semiconductor Corp.)
Runtime VFP 9 (1.07) (HKLM-x32\...\{B3F398EF-7459-4462-BA67-793679D647C3}) (Version: 1.07.0000 - PROVIS)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.06.00 (12.05.2021) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(06.06.2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3025 (HKLM-x32\...\Xerox WorkCentre 3025) (Version: V1.10 (11.04.2022) - Xerox Corporation)

Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-04-16] (INTEL CORP) [Startup Task]
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2026-01-13] (Sparse Package)
Intel(R) Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2521.8.2.0_x64__8j3eq9eme6ctt [2026-01-13] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1042.0_x64__8j3eq9eme6ctt [2026-01-13] (INTEL CORP)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2025-01-15] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{6e1f4e4d-65f7-4c83-be2e-9e6683cda268}\localserver32 -> C:\Program Files\ESET\ESET Security\egui.exe (ESET, spol. s r.o. -> ESET)
CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-08-21] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-08-21] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-08-21] (ESET, spol. s r.o. -> ESET)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-05-21 20:09 - 2009-05-21 20:09 - 000554496 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2024-11-13 15:58 - 2018-10-22 11:49 - 005592064 _____ (Microsoft) [File not signed] C:\Windows\System32\casablanca120.dll
2024-11-13 15:58 - 2019-05-31 09:25 - 000831488 _____ (Seiko Epson Corporation) [File not signed] C:\Windows\System32\epscpmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 10.38.10.20 - 10.38.10.26
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Intel(R) Ethernet Connection (5) I219-LM -> e1d68x64.sys

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\Control Panel\Desktop\\Wallpaper -> C:\Users\papepa\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5925668582434200206\133782142142173128.jpg
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C5CB63FD-C0C7-4E7B-A77D-2FD8E615531F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{70D586B9-FA7C-4234-89C8-639838799186}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6C43E914-8C19-45EB-BB46-EBF64B08BD52}] => (Allow) C:\Users\kuchvl\AppData\Local\Temp\7zS5A0E\HP.EasyStart.exe (HP Inc. -> HP)
FirewallRules: [{377763BB-C674-4CB3-8E0A-4A9273CAC296}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{A7CE3C40-219A-45F6-BA3B-D4EB594ECB05}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{13DAA438-9089-4D23-9AC8-669C8F00DB8A}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\143.0.7499.7\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{B781ED6C-B9CD-4666-8698-A79AC2BC0259}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{820F1EEB-2BD3-40CF-9946-DE5BD09890ED}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3190E6AD-C824-4FAC-9324-16B55F9A6EF6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{4E87BEE2-6302-4A22-B9A5-9383FA8A0D33}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{58CC5E6B-DE7E-499E-A43C-ACFF4121422A}] => (Allow) C:\Windows\twain_32\Xerox\WC3025\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{8AFF2586-BA67-49A4-949E-7D3888582C3D}] => (Allow) C:\Windows\twain_32\Xerox\WC3025\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{8C640C5A-E889-41D7-B27E-E6F7508B6143}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{B3E97618-575F-44EC-81B7-D8C037C459FA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{317ABAF3-35D5-4FA5-8859-49D981DF2CB5}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{5029005D-3F6F-4E5C-93E9-77F9E60115EE}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{B15D2883-39D0-4779-982C-1CAC172CC67E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{A6DEF9E4-0888-4559-9C2C-8FE80F88B95D}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C153F95D-0A8D-4011-925B-792EEC54ADD8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{1E3ADC4C-2E60-4315-BF84-47C56D9517C1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C8B21902-3D1A-47B6-9B72-C0B2A1DC7BF3}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{2A7E729B-45D4-4BA6-BCC2-B4CA7D1C983F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D11E43E3-52AA-4569-A032-45FC125714A5}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{DA2A0456-D786-41EB-AA0B-9BBAEB3ACA38}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{58D07C67-5620-46C5-B68B-EDDFE8EAE43A}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{B976ED20-DD21-4D77-95DE-93C88B559EC2}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A54BB37B-B7FD-4B25-B224-E435F7F277D1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{6A2A6C9A-7A34-40EF-B493-7E57A80D0C15}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{09C1DAB2-91CC-438A-BB6D-BA583C1106A3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-12-2025 02:54:43 Windows Update
30-12-2025 05:24:21 Windows Update
05-01-2026 14:55:23 Windows Update
08-01-2026 17:30:19 Windows Update
12-01-2026 08:55:29 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/13/2026 07:50:41 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.22621.1, časové razítko: 0x3b1bcc5b
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x80131623
Posun chyby: 0x00007ffda8d6200f
ID chybujícího procesu: 0x0x5684
Čas spuštění chybující aplikace: 0x0x1dc8458ee5f29c9
Cesta k chybující aplikaci: C:\Windows\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: f3a7bdab-d093-4e71-a273-a2ae33b73bdf
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/13/2026 07:50:41 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (01/13/2026 07:50:40 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/13/2026 07:50:40 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (01/13/2026 07:50:40 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (01/12/2026 02:08:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Instalačky školní\ESET\ESET PROTECT\epi_win_live_installer.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_2712eda17382d24b.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_6ec0247887fefb51.manifest.

Error: (01/12/2026 02:08:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Instalačky školní\ESET\ESET PROTECT\epi_win_live_installer.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_2712eda17382d24b.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_6ec0247887fefb51.manifest.

Error: (01/12/2026 12:23:48 PM) (Source: Application Error) (EventID: 1005) (User: ZS-VSECHOVICE)
Description: bakasql.exe0xc00000be0x0


System errors:
=============
Error: (01/12/2026 02:10:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba ESET Management Agent byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/12/2026 01:02:15 PM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 11:11:15 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 09:20:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 07:29:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 05:38:15 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 03:47:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 01:56:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.


Windows Defender:
================
Date: 2024-11-13 15:56:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DA957CDE-AF25-42FE-BF22-34A1986CE19D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-11-13 15:39:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F3FD2366-675D-4010-A158-B58821923398}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-11-13 14:59:29
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C28CE56E-C41D-42FE-B45A-51D6D476E50C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE

CodeIntegrity:
===============
Date: 2026-01-13 08:06:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 09/18/2023
Motherboard: Dell Inc. 0NW6H5
Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 65%
Total physical RAM: 8050.23 MB
Available physical RAM: 2769.4 MB
Total Virtual: 9330.23 MB
Available Virtual: 4189.57 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.87 GB) (Free:166.87 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive e: (ADATA UFD) (Removable) (Total:28.89 GB) (Free:25.95 GB) FAT32
Drive g: (Google Drive) (Fixed) (Total:237.87 GB) (Free:158.53 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) FAT32
Drive k: (aplikace) (Network) (Total:99.98 GB) (Free:13.45 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive p: (ucitele) (Network) (Total:79.98 GB) (Free:15.25 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive t: (zaci) (Network) (Total:9.98 GB) (Free:9.9 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive u: (bakalari) (Network) (Total:9.98 GB) (Free:0.04 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive z: (zaloha) (Network) (Total:29.98 GB) (Free:29.69 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS

\\?\Volume{fccdc097-f33a-431d-acfd-ebd4a16f93fa}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{c35373db-3e5d-4b90-876a-ca23f2422aea}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8DA7CC6B)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: 37E2B16E)
Partition 1: (Active) - (Size=28.9 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 119756
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Eset reports malware, but found nothing

#2 Post by Rudy »

Hello!
First, run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

- close all programs
- accept the license terms (EULA) by clicking I agree
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with an ordinary double-click)
- click Scan now, then Clean and Repair
- after the restart the log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Hop
Visitor
Posts: 198
Registered: 27 Jul 2013 20:58

Re: Eset reports malware, but found nothing

#3 Post by Hop »

# -------------------------------
# Malwarebytes AdwCleaner 8.7.0.619
# -------------------------------
# Build: 12-17-2025
# Database: 2025-12-16.1 (Cloud)
# Support: https://help.malwarebytes.com/
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-13-2026
# Duration: 00:00:01
# OS: Windows 11 (Build 22631.6199)
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\VIS

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPUsageTrackingLEDM Folder C:\Program Files (x86)\HP\HP UT LEDM\BIN
Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPUsageTrackingLEDM
Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|HPUsageTrackingLEDM
Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{853F464A-B2B8-404E-BA3E-B98FF6862C41}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1930 octets] - [13/01/2026 09:12:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Hop
Visitor
Posts: 198
Registered: 27 Jul 2013 20:58

Re: Eset reports malware, but found nothing

#4 Post by Hop »

Is this log enough? The computer did not restart...

Rudy
Site Admin
Posts: 119756
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Eset reports malware, but found nothing

#5 Post by Rudy »

It doesn't restart unless it has a reason to. Usually it does, though. ADWC did delete something. Now post new FRST+Addition logs.

Hop
Visitor
Posts: 198
Registered: 27 Jul 2013 20:58

Re: Eset reports malware, but found nothing

#6 Post by Hop »

I won't get to the PC until tomorrow morning; I'll post it then. Thanks for now.

Rudy
Site Admin
Posts: 119756
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Eset reports malware, but found nothing

#7 Post by Rudy »

OK. I should be here tomorrow as well. :)

altrok
Moderator
Posts: 7323
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset reports malware, but found nothing

#8 Post by altrok »

Hi, a technical aside: let's get the terminology straight.

ESET Endpoint Security is the antivirus (AV) + FW,
ESET Protect (EPP) is the central console for managing ESET products, so when the antivirus catches something on a colleague's machine, that console (on the server) is where you will see it. You can do all sorts of things with it and I like it a lot.

You mention the detection "Detekce potenciálně spojená se známým malwarem [I0115]" (Detection potentially associated with known malware) - what was it about?
- this detection even creates an incident for you in EPP. You look at the incident from the central ESET Protect console.
- on the computer where the threat was detected, open the antivirus and go to Nástroje -> Protokoly (Tools -> Log files)

If an ESET detection contains square brackets, "[" and "]", it is not an antivirus detection but one from EPP (which, put very simply, will in a few months also be EDR (ESET Inspect), which works completely differently from AV; we will be hearing a lot about it), and you can examine it only in the central EPP console.

[I0115] sometimes also triggers on e-mail attachments. Some pros (APT) send a phishing mail, which the AV catches in Outlook, detects as (in plain terms) "known and very dangerous junk from a known group", deletes, and you are protected. I lean towards this explanation, because I currently see no malware on the PC. You can verify it yourself in EPP (on the server) or in the antivirus logs on this PC, see above (you may have to switch to the right user). If anything is unclear, let me know and I will go into more detail.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors to this forum, sign up for our training school.
